CVE-2025-12820

Medium

5.3/10

Summary

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published Dec 20, 2025

CVE-2025-12820

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS